Vulnerabilities > Xoops
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-07-06 | CVE-2006-3363 | Remote File Include vulnerability in Xoops Glossaire Module 1.7 PHP remote file inclusion vulnerability in index.php in the Glossaire module 1.7 for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the pa parameter. | 5.1 |
| 2006-05-22 | CVE-2006-2516 | Path Traversal vulnerability in Xoops mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] to misc.php or (2) xoopsConfig[theme_set] to index.php, as demonstrated by injecting PHP sequences into a log file. | 5.1 |
| 2006-01-13 | CVE-2006-0198 | HTML Injection vulnerability in Xoops Pool Module IMG Tag Cross-site scripting (XSS) vulnerability in a certain module, possibly poll or Pool, for XOOPS allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element in a comment. network xoops | 4.3 |
| 2005-11-18 | CVE-2005-3681 | Unspecified vulnerability in Xoops Wf-Downloads 2.05 SQL injection vulnerability in viewcat.php in XOOPS WF-Downloads module 2.05 allows remote attackers to execute arbitrary SQL commands via the list parameter. | 7.5 |
| 2005-11-18 | CVE-2005-3680 | Unspecified vulnerability in Xoops 2.2.3 Directory traversal vulnerability in editor_registry.php in XOOPS 2.2.3 allows remote attackers to read or include arbitrary local files via a .. | 6.4 |
| 2005-10-27 | CVE-2005-2338 | HTML Injection vulnerability in XOOPS Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP and earlier, XOOPS 2.0.13.1 and earlier, and 2.2.x up to 2.2.3 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) modules that use "XOOPS Code" and (2) newbb in the forum module. network xoops | 4.3 |
| 2005-07-05 | CVE-2005-2113 | SQL-Injection vulnerability in Xoops SQL injection vulnerability in the loginUser function in the XMLRPC server in XOOPS 2.0.11 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via crafted values in an XML file, as demonstrated using the blogger.getPost method. | 7.5 |
| 2005-07-05 | CVE-2005-2112 | Cross-Site Scripting vulnerability in Xoops Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter to edit.php or (2) cid parameter to comment_edit.php. network xoops | 4.3 |
| 2005-05-02 | CVE-2005-0743 | Remote Arbitrary PHP File Upload vulnerability in Xoops Custom Avatar The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 and earlier allows remote attackers to upload arbitrary PHP scripts, whose file extensions are not filtered. | 7.5 |
| 2004-12-31 | CVE-2004-2756 | Cross-Site Scripting vulnerability in Xoops Cross-site scripting (XSS) vulnerability in viewtopic.php in Xoops 2.x, possibly 2 through 2.0.5, allows remote attackers to inject arbitrary web script or HTML via the (1) forum and (2) topic_id parameters. | 4.3 |